Create a working directory. Then acquire the source by cloning the repository. Create a source tarball in the Debian package naming format.
$ cd ~
$ mkdir dnscryptworkdir
$ cd dnscryptworkdir
$ git clone https://github.com/opendns/dnscrypt-proxy
$ mv dnscrypt-proxy dnscrypt-proxy-0.1
$ tar cvfz dnscrypt-proxy_0.1.orig.tar.gz dnscrypt-proxy-0.1
$ cd dnscrypt-proxy-0.1
Now it's time to lay the groundwork for the package. Use DebHelper to generate the package framework. If you haven't built a package before, install the necessary packages.
$ sudo apt-get install build-essential devscripts ubuntu-dev-tools debhelper dh-make diff patch cdbs quilt gnupg \
fakeroot lintian pbuilder piuparts
Use DebHelper to lay the package framework. This will generate the debian/ directory and associated files. Go ahead and remove the defaults. The README.Debian file is also unnecessary
$ dh_make -f ../dnscrypt-proxy_0.1.orig.tar.gz -s -b
$ cd debian
$ rm *.ex *.EX
$ rm README.Debian
Edit the control file with your favorite editor. It should look like this
Source: dnscrypt-proxy
Section: misc
Priority: optional
Maintainer: pinowudi
Build-Depends: cdbs, debhelper (>= 7), automake
Standards-Version: 3.8.3
Homepage: https://github.com/opendns/dnscrypt-proxy
Package: dnscrypt-proxy
Architecture: all
Depends: ${shlibs:Depends}, ${misc:Depends}
Description: A tool for securing communications between a client and a DNS resolver.
DNSCrypt is a slight variation on DNSCurve.
.
DNSCurve improves the confidentiality and integrity of DNS requests using high-speed high-security elliptic-curve cryptography. Best of all, DNSCurve has very low overhead and adds virtually no latency to queries.
.
DNSCurve aims at securing the entire chain down to authoritative servers. However, it only works with authoritative servers that explicitly support the protocol. And unfortunately, DNSCurve hasn't received much adoption yet.
.
The DNSCrypt protocol is very similar to DNSCurve, but focuses on securing communications between a client and its first-level resolver. While not providing end-to-end security, it protects the local network (which is often the weakest link in the chain) against man-in-the-middle attacks. It also provides some confidentiality to DNS queries.
.
The DNSCrypt daemon acts as a DNS proxy between a regular client, like a DNS cache or an operating system stub resolver, and a DNSCrypt-aware resolver, like OpenDNS.
Now edit the rules file. Using the CDBS packager makes implementing the autoconf features easy, with one exception. Since the autoconf has not been run already, it must be done before the package build. This will require the extra 'autoreconf' as a preconfiguration action. The rules file should look akin to the following.
#!/usr/bin/make -f
include /usr/share/cdbs/1/class/autotools.mk
include /usr/share/cdbs/1/rules/debhelper.mk
include /usr/share/cdbs/1/class/makefile.mk
# Add here any variable or target overrides you need.
makebuilddir/dnscrypt-proxy-0.1::
autoreconf --install
Update the changelog file using the dce tool. Mark the issue as change number zero.
$ dch -e
dnscrypt-proxy (0.1-1) unstable; urgency=low
* Initial release (Closes: #0)
-- pinowudi
Edit the copyright file with the copyright information from the package.
This work was packaged for Debian by:
pinowudi
It was downloaded from
Upstream Author(s):
Frank Denis
Copyright:
Copyright (c) 2011 OpenDNS, Inc.
License:
Permission to use, copy, modify, and distribute this software for any
purpose with or without fee is hereby granted, provided that the above
copyright notice and this permission notice appear in all copies.
THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
====
This license applies to all parts of dnscrypt-proxy that are not externally
maintained libraries.
The externally maintained libraries used by dnscrypt-proxy are:
- NaCl (http://nacl.cr.yp.to/). Public domain.
- libuv (https://github.com/joyent/libuv). MIT license.
+ libuv dependencies, see src/libuv/LICENSE.
- alt_arc4random.c reuses code from OpenBSD. BSD license,
see the alt_arc4random.c header.
The Debian packaging is:
Copyright (C) 2011 pinowudi
Permission to use, copy, modify, and distribute this software for any
purpose with or without fee is hereby granted, provided that the above
copyright notice and this permission notice appear in all copies.
THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
The software package does not have a .config file yet, so making one modification is necessary to get the CDBS manager to handle the package. Run autoreconfig to generate the autoconf files. Then execute the package build. The package should be produced in the directory below the current build dir.
$ autoreconf --install
$ debuild -us -uc
$ ls ..
dnscrypt-proxy-0.1 dnscrypt-proxy_0.1-1_all.deb dnscrypt-proxy_0.1-1.diff.gz dnscrypt-proxy_0.1-1.dsc dnscrypt-proxy_0.1-1_i386.build dnscrypt-proxy_0.1-1_i386.changes dnscrypt-proxy_0.1.orig.tar.gz
Now test the package installation.
$ cd ..
$ sudo dpkg -i dnscrypt-proxy_0.1-1_all.deb
[sudo] password :
Selecting previously deselected package dnscrypt-proxy.
(Reading database ... 122394 files and directories currently installed.)
Unpacking dnscrypt-proxy (from dnscrypt-proxy_0.1-1_all.deb) ...
Setting up dnscrypt-proxy (0.1-1) ...
Processing triggers for man-db ...
$ whereis dnscrypt-proxy
dnscrypt-proxy: /usr/sbin/dnscrypt-proxy /usr/share/man/man8/dnscrypt-proxy.8.gz
$ dnscrypt-proxy -h
dnscrypt-proxy 0.8
Copyright (C) 2011 OpenDNS, Inc.
Options:
-a --local-address=...
-d --daemonize
-e --edns-payload-size=...
-h --help
-k --provider-key=...
-l --logfile=...
-n --max-active-requests=...
-p --pidfile=...
-r --resolver-address=...
-t --tcp-port=...
-u --user=...
-N --provider-name=...
-P --local-port=...
-V --version
Please consult the dnscrypt-proxy(8) man page for details.
Good to go!